Bug 120479

Summary: Possible dangling CachedResourceClient of StyleRuleImport and XSLImportRule
Product: WebKit Reporter: Leo Yang <leoyang>
Component: CSSAssignee: Leo Yang <leoyang>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, esprehn+autocc, glenn, kling, koivisto, macpherson, menard, staikos
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch v2 none

Leo Yang
Reported 2013-08-29 10:41:34 PDT
In StyleRuleImport::requestStyleSheet() and XSLImportRule::loadSheet() we don't call removeClient() for m_cachedSheet before assign m_cachedSheet a new value. This could leave *this* as a client of the old cached sheet and dangling after *this* is deleted.
Attachments
Patch (3.41 KB, patch)
2013-08-29 10:58 PDT, Leo Yang 		no flags
DetailsFormatted DiffDiff
Patch v2 (3.46 KB, patch)
2013-08-30 07:01 PDT, Leo Yang 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Leo Yang
Comment 1 2013-08-29 10:58:03 PDT
Created attachment 210003 [details] Patch
Darin Adler
Comment 2 2013-08-29 11:58:01 PDT
Comment on attachment 210003 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=210003&action=review Fix looks good, but needs a test or an explanation of why there is no test. > Source/WebCore/ChangeLog:14 > + No functionalities changed no new tests. This fixes a bug. It’s not right to say “no functionalities changed”. I am guessing you noticed the bug by code inspection. Once you knew the bug existed, did you try to make a test case? Why were you unable to do so? The comment here should address those questions, rather than incorrectly saying that nothing was changed.
Leo Yang
Comment 3 2013-08-29 12:07:41 PDT
Comment on attachment 210003 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=210003&action=review >> Source/WebCore/ChangeLog:14 >> + No functionalities changed no new tests. > > This fixes a bug. It’s not right to say “no functionalities changed”. I am guessing you noticed the bug by code inspection. Once you knew the bug existed, did you try to make a test case? Why were you unable to do so? The comment here should address those questions, rather than incorrectly saying that nothing was changed. Yes I found the bug by code inspection. I tried to make a test case but I don't know how I can manipulate import rules by Javascript. Is there a way to do that or should I just say no way to test it automatically?
Leo Yang
Comment 4 2013-08-30 07:01:28 PDT
Created attachment 210102 [details] Patch v2
Darin Adler
Comment 5 2013-08-30 09:16:01 PDT
Comment on attachment 210102 [details] Patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=210102&action=review > Source/WebCore/ChangeLog:14 > + Found by code inspection. Seems no way to test it automatically. I don’t think we should give up on figuring out what the actual symptom of this is. I suspect eventually we could come up with a way to test it.
WebKit Commit Bot
Comment 6 2013-08-30 09:38:59 PDT
Comment on attachment 210102 [details] Patch v2 Clearing flags on attachment: 210102 Committed r154889: <http://trac.webkit.org/changeset/154889>
WebKit Commit Bot
Comment 7 2013-08-30 09:39:01 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.